Re: [PATCH v2] netfilter: TCPMSS: fix dropped packets when MSS option is unaligned

Next message: Konrad Dybcio: "Re: [PATCH] interconnect: qcom: simplify allocation"
Previous message: Rodrigo Alencar: "Re: [PATCH v3 1/3] iio: types: add IIO_VOLUMEFLOW channel type"
Next in thread: Kacper Kokot: "Re: [PATCH v2] netfilter: TCPMSS: fix dropped packets when MSS option is unaligned"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Kacper Kokot

Date: Mon Jun 08 2026 - 05:08:36 EST

> > Padding TCP options with NOPs is optional, so it is legal to send an
> > MSS option that is not aligned to a word boundary [...]
>
> Yes, but how many stacks do this?

None that I'm aware of. Mainstream stacks pad everything to a word
boundary and put MSS as the first option. The motivation is RFC 9293
(MUST-64) spec conformance rather than a bug seen in the wild.

> > This has not been observed in any real environment.
>
> ... then why is this a fix?
> [...]
> To me, this qualifies as an enhancement, if anything.

I'll drop the "fix" and reframe this as an enhancement including your
suggested subject line.

> This is questionably a "clean packet".

Fair point, I shouldn't have framed it as legitimate/clean traffic
being dropped.

> And "the kernel is not silently dropping anything, it is policy that
> would drop it" [...]

I'll reword the commit message to say the mangled packet ends up with
an invalid checksum and could then be dropped by policy, rather than
implying the kernel itself drops it.

Thanks for the review.